Mailing List Archive

"gpg: decryption failed: No secret key" after export-import to another host
I have generated a key on host A and it works fine:

A $ echo test | gpg --encrypt --recipient <ID> | gpg --decrypt
gpg: encrypted with 256-bit ECDH key, ID <ID>, created <date>
"Name (comment) <email>"
test

I copied it to host B:

A $ gpg --armor --export <id> > private.key
A $ scp private.key B:
B $ gpg --import private.key

But it doesn't work on B:
B % echo test | gpg --encrypt --recipient <ID> | gpg --decrypt
gpg: encrypted with 256-bit ECDH key, ID <ID>, created <date>
"name (comment) <email>"
gpg: decryption failed: No secret key


gpg version is the same on both hosts: 2.2.27-2 from debian sid


$ gpg --list-secret-keys --with-subkey-fingerprint
shows the same key on both hosts


--
sergio.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: "gpg: decryption failed: No secret key" after export-import to another host
Hi,

have a look at the manpage at --export-secret-keys:

"Same as --export, but exports the secret keys instead. ..."

regards,
Erich

On Thu, 20 May 2021, sergio via Gnupg-users wrote:

> I have generated a key on host A and it works fine:
>
> A $ echo test | gpg --encrypt --recipient <ID> | gpg --decrypt
> gpg: encrypted with 256-bit ECDH key, ID <ID>, created <date>
> "Name (comment) <email>"
> test
>
> I copied it to host B:
>
> A $ gpg --armor --export <id> > private.key
> A $ scp private.key B:
> B $ gpg --import private.key
>
> But it doesn't work on B:
> B % echo test | gpg --encrypt --recipient <ID> | gpg --decrypt
> gpg: encrypted with 256-bit ECDH key, ID <ID>, created <date>
> "name (comment) <email>"
> gpg: decryption failed: No secret key
>
>
> gpg version is the same on both hosts: 2.2.27-2 from debian sid
>
>
> $ gpg --list-secret-keys --with-subkey-fingerprint
> show the same key on both hosts
>
>
> --
> sergio.
>

Re: "gpg: decryption failed: No secret key" after export-import to another host
> --export-secret-keys

Sorry, this is a typo, of course. And to be absolutely sure, I re-checked:

B $ gpg --import secret.key
gpg: key <ID>: public key "name (comment) <email>" imported
gpg: key <ID>: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
gpg: secret keys unchanged: 1



--
sergio.

Re: "gpg: decryption failed: No secret key" after export-import to another host
I tried the same sequence on the same host A, but for a new test user with
a clean ~/.gnupg, without success. Could you help me debug this, please?

--
sergio.

Re: "gpg: decryption failed: No secret key" after export-import to another host
I found the sequence to reproduce my problem:


$ rm -rf .gnupg
$ gpg --gen-key --batch <<EOF
%echo Generating a 25519 key
Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: cert
Subkey-Type: ecdh
Subkey-Curve: Ed25519
Subkey-Usage: encrypt
Name-Real: test
Name-Email: test@test.com
%commit
%echo done
EOF
gpg: directory '/home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: Generating a 25519 key
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
gpg: key 6C6DB60F0545821C marked as ultimately trusted
gpg: directory '/home/test/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/test/.gnupg/openpgp-revocs.d/268017E33AFCBAD119C2FB626C6DB60F0545821C.rev'
gpg: done
$ gpg -K
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/test/.gnupg/pubring.kbx
-----------------------------
sec ed25519 2021-06-06 [C]
268017E33AFCBAD119C2FB626C6DB60F0545821C
uid [ultimate] test <test@test.com>
ssb ed25519 2021-06-06 [E]

$ echo test | gpg --encrypt --recipient test@test.com | gpg --decrypt
gpg: encrypted with 256-bit ECDH key, ID 683197C0DF776EC0, created 2021-06-06
"test <test@test.com>"
test

$ gpg --export-secret-keys -a > keys.asc
$ rm -rf .gnupg
$ gpg --import --trust-model always keys.asc
gpg: directory '/home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: key 6C6DB60F0545821C: public key "test <test@test.com>" imported
gpg: key 6C6DB60F0545821C: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
$ gpg -K
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
/home/test/.gnupg/pubring.kbx
-----------------------------
sec ed25519 2021-06-06 [C]
268017E33AFCBAD119C2FB626C6DB60F0545821C
uid [ unknown] test <test@test.com>
ssb# ed25519 2021-06-06 [E]

$ echo test | gpg --encrypt --recipient test@test.com | gpg --decrypt
gpg: 683197C0DF776EC0: There is no assurance this key belongs to the named user

sub ed25519/683197C0DF776EC0 2021-06-06 test <test@test.com>
Primary key fingerprint: 2680 17E3 3AFC BAD1 19C2 FB62 6C6D B60F 0545 821C
Subkey fingerprint: C0E4 F2BE 8532 1C1A 3777 8963 6831 97C0 DF77 6EC0

It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y
gpg: encrypted with 256-bit ECDH key, ID 683197C0DF776EC0, created 2021-06-06
"test <test@test.com>"
gpg: decryption failed: No secret key
$


Is this a gnupg bug or am I doing something wrong?

--
sergio.

Re: "gpg: decryption failed: No secret key" after export-import to another host
------- Original Message -------
On Sunday, June 6, 2021 2:24 PM, sergio via Gnupg-users <gnupg-users@gnupg.org> wrote:

> I found the sequence to reproduce my problem:
>
> $ rm -rf .gnupg
> $ gpg --gen-key --batch <<EOF
> %echo Generating a 25519 key
> Key-Type: eddsa
> Key-Curve: Ed25519
> Key-Usage: cert
> Subkey-Type: ecdh
> Subkey-Curve: Ed25519

The problem is the subkey curve being ed25519. It will not import correctly. For an encryption subkey you must use "Subkey-Curve: cv25519".

See: https://dev.gnupg.org/T5401
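
The fix described in the reply above, as an added example that is not part of the original thread: a lint for the batch parameter file, a check for the "ssb#" state in machine-readable output, and the corrected parameters in an export/import round trip. The function names are hypothetical helpers, the listing is constructed from the key IDs in the thread, and %no-protection is an assumption suitable only for a throwaway test key.

```shell
# Added example; the function names are hypothetical helpers, not GnuPG commands.
# Exit 1 if a gpg batch parameter file (stdin) pairs an ECDH subkey with Ed25519.
lint_keyparams() {
  awk -F': *' '
    { key = tolower($1); val = tolower($2) }
    key == "subkey-type"  { type = val }
    key == "subkey-curve" { curve = val }
    END { if (type == "ecdh" && curve == "ed25519") exit 1 }'
}

# Print IDs of ssb records whose field 15 is "#" (secret part missing, shown as "ssb#").
missing_secret_subkeys() {
  awk -F: '$1 == "ssb" && $15 == "#" { print $5 }'
}

# The thread's parameters with the subkey curve corrected to cv25519.
# %no-protection (no passphrase) is an assumption for a throwaway test key.
good_params() {
  cat <<'EOF'
Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: cert
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: test
Name-Email: test@test.com
%no-protection
%commit
EOF
}

# Constructed listing shaped like the failed import in the thread.
sample_listing() {
  cat <<'EOF'
sec:-:255:22:6C6DB60F0545821C:1622937600:::-:::cC:::+::ed25519:::0:
ssb:-:255:18:683197C0DF776EC0:1622937600::::::e:::#::ed25519:
EOF
}

# Export/import round trip in throwaway homedirs (needs gpg); prints nothing on success.
roundtrip() {
  a=$(mktemp -d) b=$(mktemp -d)
  good_params | gpg --homedir "$a" --batch --gen-key 2>/dev/null
  gpg --homedir "$a" --export-secret-keys -a | gpg --homedir "$b" --batch --import 2>/dev/null
  gpg --homedir "$b" -K --with-colons | missing_secret_subkeys
  rm -rf "$a" "$b"
}
if [ "${1:-}" = roundtrip ]; then roundtrip; fi
```

Run the script with the argument roundtrip on a host with gpg installed to exercise the real export and import; without arguments it only defines the helpers.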

Re: "gpg: decryption failed: No secret key" after export-import to another host
Thank you anon85786376!!

--
sergio.
